On Fri, 27 Dec 2002 18:16:17 +0530, Rahul Chander Kashyap <rahulat_private> said: > And one more thing...<this one might be intresting ;-)> Is it possible > to write code that is completely secure and not exploitable? This is just a specific case of the question "Is it possible to write totally bug-free code"? And yes, it's *possible* to write bug-free code. The problem is that it's incredibly difficult to manage the development process in such a way that bugs are totally prevented - remember that humans are writing the code, and humans are.. well... human. ;) On the flip side, good development practices can probably gain us 2 or maybe even 3 orders of magnitude in security - remember that 98% of security bugs are The Same Dumb Things over and over - so simply not doing those dumb things gets you 2 orders of magnitude right there. Also, remember that there's some basic economics involved too - if you do a graph: |X . . O where 'X' is the costs (incident response, cleanup, C |X . . O lost sales, downtime, etc) of not being secure, and O | X .. .. O 'O' is the cost of actually deploying security (this S | X ..$.. O stuff *does* have real costs - ever had to get 30K T | XX OO users to change their password on a regular basis?) | XXX OOO The '.' line is the *sum* of those two, and will have |OOOOOOO XXXXXXX a minimum value somewhere - I've marked that with a +------------------ '$'. *THAT* is the correct level of security to have. SECURITY What you want is the *minimum total cost of security*. Now, for different applications, the 'X' and 'O' lines have different shapes - if you're securing nuclear launch codes, the 'X' is almost a horizontal (and very high) line - it's very expensive to get hacked no matter what your security is. It makes sense to spend a billion dollars to secure those. On the other hand, it *doesnt* make sense to spend even $200K (and that's not much in development terms - 2 man-years at best) to secure data that's only worth $2K. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 15:48:11 PST